]>
Commit | Line | Data |
---|---|---|
32f9109c AM |
1 | ###################################################################### |
2 | # Runtime configuration file for Exim # | |
3 | ###################################################################### | |
4 | ||
5 | ||
6 | # This is a default configuration file which will operate correctly in | |
7 | # uncomplicated installations. Please see the manual for a complete list | |
8 | # of all the runtime configuration options that can be included in a | |
9 | # configuration file. There are many more than are mentioned here. The | |
10 | # manual is in the file doc/spec.txt in the Exim distribution as a plain | |
11 | # ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are available | |
12 | # from the Exim ftp sites. The manual is also online at the Exim web sites. | |
13 | ||
14 | ||
15 | # This file is divided into several parts, all but the first of which are | |
16 | # headed by a line starting with the word "begin". Only those parts that | |
17 | # are required need to be present. Blank lines, and lines starting with # | |
18 | # are ignored. | |
19 | ||
20 | ||
21 | ########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ########### | |
22 | # # | |
23 | # Whenever you change Exim's configuration file, you *must* remember to # | |
24 | # HUP the Exim daemon, because it will not pick up the new configuration # | |
25 | # until you do. However, any other Exim processes that are started, for # | |
26 | # example, a process started by an MUA in order to send a message, will # | |
27 | # see the new configuration as soon as it is in place. # | |
28 | # # | |
29 | # You do not need to HUP the daemon for changes in auxiliary files that # | |
30 | # are referenced from this file. They are read every time they are used. # | |
31 | # # | |
32 | # It is usually a good idea to test a new configuration for syntactic # | |
33 | # correctness before installing it (for example, by running the command # | |
34 | # "exim -C /config/file.new -bV"). # | |
35 | # # | |
36 | ########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ########### | |
37 | ||
38 | ||
39 | ||
40 | ###################################################################### | |
41 | # MAIN CONFIGURATION SETTINGS # | |
42 | ###################################################################### | |
43 | ||
44 | # Specify your host's canonical name here. This should normally be the fully | |
45 | # qualified "official" name of your host. If this option is not set, the | |
46 | # uname() function is called to obtain the name. In many cases this does | |
47 | # the right thing and you need not set anything explicitly. | |
48 | ||
49 | # primary_hostname = | |
50 | ||
ab810ec5 | 51 | # daemon_smtp_ports = 25 : 465 |
2a057bf0 | 52 | # tls_on_connect_ports = 465 |
32f9109c AM |
53 | |
54 | # The next three settings create two lists of domains and one list of hosts. | |
55 | # These lists are referred to later in this configuration using the syntax | |
56 | # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They | |
57 | # are all colon-separated lists: | |
58 | ||
59 | domainlist local_domains = @ | |
60 | domainlist relay_to_domains = | |
61 | hostlist relay_from_hosts = 127.0.0.1 | |
62 | ||
ca20f3cf | 63 | # If You wish to enable support for STARTTLS, uncomment folowing lines: |
8342a235 | 64 | |
ca20f3cf ŁJM |
65 | # tls_certificate = /etc/openssl/mail.crt |
66 | # tls_privatekey = /etc/openssl/mail.key | |
67 | # tls_advertise_hosts = * | |
8342a235 | 68 | |
059a28f8 ŁJM |
69 | # You can use self-signed cerficates (you will need openssl-tools package): |
70 | ||
71 | # openssl genrsa -out /etc/openssl/mail.key 1024 | |
72 | # openssl req -new -x509 -days 365 -key /etc/openssl/mail.key -out /etc/openssl/mail.crt | |
73 | ||
32f9109c AM |
74 | # Most straightforward access control requirements can be obtained by |
75 | # appropriate settings of the above options. In more complicated situations, you | |
76 | # may need to modify the Access Control List (ACL) which appears later in this | |
77 | # file. | |
78 | ||
79 | # The first setting specifies your local domains, for example: | |
80 | # | |
81 | # domainlist local_domains = my.first.domain : my.second.domain | |
82 | # | |
83 | # You can use "@" to mean "the name of the local host", as in the default | |
84 | # setting above. This is the name that is specified by primary_hostname, | |
85 | # as specified above (or defaulted). If you do not want to do any local | |
ca20f3cf | 86 | # deliveries, remove the "@" from the setting above. If you want to accept mail |
32f9109c AM |
87 | # addressed to your host's literal IP address, for example, mail addressed to |
88 | # "user@[192.168.23.44]", you can add "@[]" as an item in the local domains | |
89 | # list. You also need to uncomment "allow_domain_literals" below. This is not | |
90 | # recommended for today's Internet. | |
91 | ||
92 | # The second setting specifies domains for which your host is an incoming relay. | |
93 | # If you are not doing any relaying, you should leave the list empty. However, | |
94 | # if your host is an MX backup or gateway of some kind for some domains, you | |
95 | # must set relay_to_domains to match those domains. For example: | |
96 | # | |
97 | # domainlist relay_to_domains = *.myco.com : my.friend.org | |
98 | # | |
99 | # This will allow any host to relay through your host to those domains. | |
100 | # See the section of the manual entitled "Control of relaying" for more | |
101 | # information. | |
102 | ||
103 | # The third setting specifies hosts that can use your host as an outgoing relay | |
104 | # to any other host on the Internet. Such a setting commonly refers to a | |
105 | # complete local network as well as the localhost. For example: | |
106 | # | |
107 | # hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/16 | |
108 | # | |
109 | # The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you | |
110 | # have to include 127.0.0.1 if you want to allow processes on your host to send | |
111 | # SMTP mail by using the loopback address. A number of MUAs use this method of | |
112 | # sending mail. | |
113 | ||
114 | ||
115 | # All three of these lists may contain many different kinds of item, including | |
116 | # wildcarded names, regular expressions, and file lookups. See the reference | |
117 | # manual for details. The lists above are used in the access control list for | |
118 | # incoming messages. The name of this ACL is defined here: | |
119 | ||
120 | acl_smtp_rcpt = acl_check_rcpt | |
121 | ||
122 | # You should not change that setting until you understand how ACLs work. | |
123 | ||
ca20f3cf ŁJM |
124 | # The following ACL entries are used if you want to do content scanning with |
125 | # the exiscan-acl patch. When you uncomment one of these lines, you must also | |
126 | # review the respective entries in the ACL section further below. | |
127 | ||
128 | # acl_smtp_mime = acl_check_mime | |
129 | # acl_smtp_data = acl_check_content | |
130 | ||
131 | # This configuration variable defines the virus scanner that is used with | |
132 | # the 'malware' ACL condition of the exiscan acl-patch. If you do not use | |
133 | # virus scanning, leave it commented. Please read doc/exiscan-acl-readme.txt | |
134 | # for a list of supported scanners. | |
135 | ||
136 | # av_scanner = sophie:/var/run/sophie | |
137 | ||
138 | # The following setting is only needed if you use the 'spam' ACL condition | |
139 | # of the exiscan-acl patch. It specifies on which host and port the SpamAssassin | |
140 | # "spamd" daemon is listening. If you do not use this condition, or you use | |
141 | # the default of "127.0.0.1 783", you can omit this option. | |
142 | ||
143 | # spamd_address = 127.0.0.1 783 | |
32f9109c AM |
144 | |
145 | # Specify the domain you want to be added to all unqualified addresses | |
146 | # here. An unqualified address is one that does not contain an "@" character | |
ca20f3cf | 147 | # followed by a domain. For example, "caesar@rome.example" is a fully qualified |
32f9109c AM |
148 | # address, but the string "caesar" (i.e. just a login name) is an unqualified |
149 | # email address. Unqualified addresses are accepted only from local callers by | |
150 | # default. See the recipient_unqualified_hosts option if you want to permit | |
151 | # unqualified addresses from remote sources. If this option is not set, the | |
152 | # primary_hostname value is used for qualification. | |
153 | ||
154 | # qualify_domain = | |
155 | ||
156 | ||
157 | # If you want unqualified recipient addresses to be qualified with a different | |
158 | # domain to unqualified sender addresses, specify the recipient domain here. | |
159 | # If this option is not set, the qualify_domain value is used. | |
160 | ||
161 | # qualify_recipient = | |
162 | ||
163 | ||
164 | # The following line must be uncommented if you want Exim to recognize | |
165 | # addresses of the form "user@[10.11.12.13]" that is, with a "domain literal" | |
166 | # (an IP address) instead of a named domain. The RFCs still require this form, | |
167 | # but it makes little sense to permit mail to be sent to specific hosts by | |
168 | # their IP address in the modern Internet. This ancient format has been used | |
169 | # by those seeking to abuse hosts by using them for unwanted relaying. If you | |
170 | # really do want to support domain literals, uncomment the following line, and | |
171 | # see also the "domain_literal" router below. | |
172 | ||
173 | # allow_domain_literals | |
174 | ||
175 | ||
176 | # No deliveries will ever be run under the uids of these users (a colon- | |
177 | # separated list). An attempt to do so causes a panic error to be logged, and | |
ca20f3cf ŁJM |
178 | # the delivery to be deferred. This is a paranoic safety catch. There is an |
179 | # even stronger safety catch in the form of the FIXED_NEVER_USERS setting | |
180 | # in the configuration for building Exim. The list of users that it specifies | |
181 | # is built into the binary, and cannot be changed. The option below just adds | |
182 | # additional users to the list. The default for FIXED_NEVER_USERS is "root", | |
183 | # but just to be absolutely sure, the default here is also "root". | |
184 | ||
185 | # Note that the default setting means you cannot deliver mail addressed to root | |
186 | # as if it were a normal user. This isn't usually a problem, as most sites have | |
187 | # an alias for root that redirects such mail to a human administrator. | |
188 | ||
32f9109c AM |
189 | never_users = root |
190 | ||
191 | ||
192 | # The setting below causes Exim to do a reverse DNS lookup on all incoming | |
193 | # IP calls, in order to get the true host name. If you feel this is too | |
194 | # expensive, you can specify the networks for which a lookup is done, or | |
195 | # remove the setting entirely. | |
196 | ||
197 | host_lookup = * | |
198 | ||
199 | ||
200 | # The settings below, which are actually the same as the defaults in the | |
201 | # code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP | |
202 | # calls. You can limit the hosts to which these calls are made, and/or change | |
203 | # the timeout that is used. If you set the timeout to zero, all RFC 1413 calls | |
204 | # are disabled. RFC 1413 calls are cheap and can provide useful information | |
205 | # for tracing problem messages, but some hosts and firewalls have problems | |
206 | # with them. This can result in a timeout instead of an immediate refused | |
207 | # connection, leading to delays on starting up an SMTP session. | |
208 | ||
209 | rfc1413_hosts = * | |
210 | rfc1413_query_timeout = 30s | |
211 | ||
212 | ||
213 | # By default, Exim expects all envelope addresses to be fully qualified, that | |
214 | # is, they must contain both a local part and a domain. If you want to accept | |
215 | # unqualified addresses (just a local part) from certain hosts, you can specify | |
216 | # these hosts by setting one or both of | |
217 | # | |
218 | # sender_unqualified_hosts = | |
219 | # recipient_unqualified_hosts = | |
220 | # | |
221 | # to control sender and recipient addresses, respectively. When this is done, | |
222 | # unqualified addresses are qualified using the settings of qualify_domain | |
223 | # and/or qualify_recipient (see above). | |
224 | ||
225 | ||
226 | # If you want Exim to support the "percent hack" for certain domains, | |
227 | # uncomment the following line and provide a list of domains. The "percent | |
228 | # hack" is the feature by which mail addressed to x%y@z (where z is one of | |
229 | # the domains listed) is locally rerouted to x@y and sent on. If z is not one | |
230 | # of the "percent hack" domains, x%y is treated as an ordinary local part. This | |
231 | # hack is rarely needed nowadays; you should not enable it unless you are sure | |
232 | # that you really need it. | |
233 | # | |
234 | # percent_hack_domains = | |
235 | # | |
236 | # As well as setting this option you will also need to remove the test | |
237 | # for local parts containing % in the ACL definition below. | |
238 | ||
239 | ||
240 | # When Exim can neither deliver a message nor return it to sender, it "freezes" | |
241 | # the delivery error message (aka "bounce message"). There are also other | |
242 | # circumstances in which messages get frozen. They will stay on the queue for | |
243 | # ever unless one of the following options is set. | |
244 | ||
245 | # This option unfreezes frozen bounce messages after two days, tries | |
246 | # once more to deliver them, and ignores any delivery failures. | |
247 | ||
248 | ignore_bounce_errors_after = 2d | |
249 | ||
250 | # This option cancels (removes) frozen messages that are older than a week. | |
251 | ||
252 | timeout_frozen_after = 7d | |
253 | ||
254 | ||
255 | ||
256 | ###################################################################### | |
257 | # ACL CONFIGURATION # | |
258 | # Specifies access control lists for incoming SMTP mail # | |
259 | ###################################################################### | |
260 | ||
261 | begin acl | |
262 | ||
263 | # This access control list is used for every RCPT command in an incoming | |
264 | # SMTP message. The tests are run in order until the address is either | |
265 | # accepted or denied. | |
266 | ||
267 | acl_check_rcpt: | |
268 | ||
269 | # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by | |
270 | # testing for an empty sending host field. | |
271 | ||
272 | accept hosts = : | |
273 | ||
ca20f3cf ŁJM |
274 | ############################################################################# |
275 | # The following section of the ACL is concerned with local parts that contain | |
276 | # @ or % or ! or / or | or dots in unusual places. | |
277 | # | |
278 | # The characters other than dots are rarely found in genuine local parts, but | |
279 | # are often tried by people looking to circumvent relaying restrictions. | |
280 | # Therefore, although they are valid in local parts, these rules lock them | |
281 | # out, as a precaution. | |
282 | # | |
283 | # Empty components (two dots in a row) are not valid in RFC 2822, but Exim | |
284 | # allows them because they have been encountered. (Consider local parts | |
285 | # constructed as "firstinitial.secondinitial.familyname" when applied to | |
286 | # someone like me, who has no second initial.) However, a local part starting | |
287 | # with a dot or containing /../ can cause trouble if it is used as part of a | |
288 | # file name (e.g. for a mailing list). This is also true for local parts that | |
289 | # contain slashes. A pipe symbol can also be troublesome if the local part is | |
290 | # incorporated unthinkingly into a shell command line. | |
291 | # | |
292 | # Two different rules are used. The first one is stricter, and is applied to | |
293 | # messages that are addressed to one of the local domains handled by this | |
294 | # host. It blocks local parts that begin with a dot or contain @ % ! / or |. | |
295 | # If you have local accounts that include these characters, you will have to | |
296 | # modify this rule. | |
297 | ||
298 | deny message = Restricted characters in address | |
299 | domains = +local_domains | |
300 | local_parts = ^[.] : ^.*[@%!/|] | |
301 | ||
302 | # The second rule applies to all other domains, and is less strict. This | |
303 | # allows your own users to send outgoing messages to sites that use slashes | |
304 | # and vertical bars in their local parts. It blocks local parts that begin | |
305 | # with a dot, slash, or vertical bar, but allows these characters within the | |
306 | # local part. However, the sequence /../ is barred. The use of @ % and ! is | |
307 | # blocked, as before. The motivation here is to prevent your users (or | |
308 | # your users' viruses) from mounting certain kinds of attack on remote sites. | |
309 | ||
32f9109c | 310 | |
ca20f3cf ŁJM |
311 | deny message = Restricted characters in address |
312 | domains = !+local_domains | |
313 | local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ | |
314 | ############################################################################# | |
32f9109c AM |
315 | |
316 | # Accept mail to postmaster in any local domain, regardless of the source, | |
317 | # and without verifying the sender. | |
318 | ||
319 | accept local_parts = postmaster | |
320 | domains = +local_domains | |
321 | ||
322 | # Deny unless the sender address can be verified. | |
323 | ||
324 | require verify = sender | |
325 | ||
326 | ############################################################################# | |
327 | # There are no checks on DNS "black" lists because the domains that contain | |
328 | # these lists are changing all the time. However, here are two examples of | |
329 | # how you could get Exim to perform a DNS black list lookup at this point. | |
330 | # The first one denies, while the second just warns. | |
331 | # | |
332 | # deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text | |
333 | # dnslists = black.list.example | |
334 | # | |
335 | # warn message = X-Warning: $sender_host_address is in a black list at $dnslist_domain | |
336 | # log_message = found in $dnslist_domain | |
337 | # dnslists = black.list.example | |
338 | ############################################################################# | |
339 | ||
340 | # Accept if the address is in a local domain, but only if the recipient can | |
341 | # be verified. Otherwise deny. The "endpass" line is the border between | |
342 | # passing on to the next ACL statement (if tests above it fail) or denying | |
343 | # access (if tests below it fail). | |
344 | ||
345 | accept domains = +local_domains | |
346 | endpass | |
32f9109c AM |
347 | verify = recipient |
348 | ||
349 | # Accept if the address is in a domain for which we are relaying, but again, | |
350 | # only if the recipient can be verified. | |
351 | ||
352 | accept domains = +relay_to_domains | |
353 | endpass | |
32f9109c | 354 | verify = recipient |
32f9109c AM |
355 | # If control reaches this point, the domain is neither in +local_domains |
356 | # nor in +relay_to_domains. | |
357 | ||
358 | # Accept if the message comes from one of the hosts for which we are an | |
359 | # outgoing relay. Recipient verification is omitted here, because in many | |
360 | # cases the clients are dumb MUAs that don't cope well with SMTP error | |
361 | # responses. If you are actually relaying out from MTAs, you should probably | |
362 | # add recipient verification here. | |
363 | ||
364 | accept hosts = +relay_from_hosts | |
365 | ||
366 | # Accept if the message arrived over an authenticated connection, from | |
367 | # any host. Again, these messages are usually from MUAs, so recipient | |
368 | # verification is omitted. | |
369 | ||
370 | accept authenticated = * | |
371 | ||
372 | # Reaching the end of the ACL causes a "deny", but we might as well give | |
373 | # an explicit message. | |
374 | ||
375 | deny message = relay not permitted | |
376 | ||
ca20f3cf ŁJM |
377 | # These access control lists are used for content scanning with the exiscan-acl |
378 | # patch. You must also uncomment the entries for acl_smtp_data and acl_smtp_mime | |
379 | # (scroll up), otherwise the ACLs will not be used. IMPORTANT: the default entries here | |
380 | # should be treated as EXAMPLES. You MUST read the file doc/exiscan-acl-spec.txt | |
381 | # to fully understand what you are doing ... | |
382 | ||
383 | acl_check_mime: | |
384 | ||
385 | # Decode MIME parts to disk. This will support virus scanners later. | |
386 | warn decode = default | |
387 | ||
388 | # File extension filtering. | |
389 | deny message = Blacklisted file extension detected | |
390 | condition = ${if match \ | |
391 | {${lc:$mime_filename}} \ | |
392 | {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \ | |
393 | {1}{0}} | |
394 | ||
395 | # Reject messages that carry chinese character sets. | |
396 | # WARNING: This is an EXAMPLE. | |
397 | deny message = Sorry, noone speaks chinese here | |
398 | condition = ${if eq{$mime_charset}{gb2312}{1}{0}} | |
399 | ||
400 | accept | |
401 | ||
402 | acl_check_content: | |
403 | ||
404 | # Reject virus infested messages. | |
405 | deny message = This message contains malware ($malware_name) | |
406 | malware = * | |
407 | ||
408 | # Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings | |
409 | # (user "nobody"), no matter if over threshold or not. | |
410 | warn message = X-Spam-Score: $spam_score ($spam_bar) | |
411 | spam = nobody:true | |
412 | warn message = X-Spam-Report: $spam_report | |
413 | spam = nobody:true | |
414 | ||
415 | # Add X-Spam-Flag if spam is over system-wide threshold | |
416 | warn message = X-Spam-Flag: YES | |
417 | spam = nobody | |
418 | ||
419 | # Reject spam messages with score over 10, using an extra condition. | |
420 | deny message = This message scored $spam_score points. Congratulations! | |
421 | spam = nobody:true | |
422 | condition = ${if >{$spam_score_int}{100}{1}{0}} | |
423 | ||
424 | # finally accept all the rest | |
425 | accept | |
32f9109c AM |
426 | |
427 | ||
428 | ###################################################################### | |
429 | # ROUTERS CONFIGURATION # | |
430 | # Specifies how addresses are handled # | |
431 | ###################################################################### | |
432 | # THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! # | |
433 | # An address is passed to each router in turn until it is accepted. # | |
434 | ###################################################################### | |
435 | ||
436 | begin routers | |
437 | ||
438 | # This router routes to remote hosts over SMTP by explicit IP address, | |
439 | # when an email address is given in "domain literal" form, for example, | |
440 | # <user@[192.168.35.64]>. The RFCs require this facility. However, it is | |
441 | # little-known these days, and has been exploited by evil people seeking | |
442 | # to abuse SMTP relays. Consequently it is commented out in the default | |
443 | # configuration. If you uncomment this router, you also need to uncomment | |
444 | # allow_domain_literals above, so that Exim can recognize the syntax of | |
445 | # domain literal addresses. | |
446 | ||
447 | # domain_literal: | |
448 | # driver = ipliteral | |
ca20f3cf | 449 | # domains = ! +local_domains |
32f9109c AM |
450 | # transport = remote_smtp |
451 | ||
452 | ||
453 | # This router routes addresses that are not in local domains by doing a DNS | |
ca20f3cf ŁJM |
454 | # lookup on the domain name. Any domain that resolves to 0.0.0.0 or to a |
455 | # loopback interface address (127.0.0.0/8) is treated as if it had no DNS | |
456 | # entry. Note that 0.0.0.0 is the same as 0.0.0.0/32, which is commonly treated | |
457 | # as the local host inside the network stack. It is not 0.0.0.0/0, the default | |
458 | # route. If the DNS lookup fails, no further routers are tried because of | |
459 | # the no_more setting, and consequently the address is unrouteable. | |
32f9109c AM |
460 | |
461 | dnslookup: | |
462 | driver = dnslookup | |
463 | domains = ! +local_domains | |
464 | transport = remote_smtp | |
ca20f3cf | 465 | ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 |
32f9109c AM |
466 | no_more |
467 | ||
468 | ||
469 | # The remaining routers handle addresses in the local domain(s). | |
470 | ||
471 | ||
ca20f3cf ŁJM |
472 | # This router handles aliasing using a linearly searched alias file with the |
473 | # name /etc/mail/aliases. When this configuration is installed automatically, | |
474 | # the name gets inserted into this file from whatever is set in Exim's | |
475 | # build-time configuration. The default path is the traditional /etc/aliases. | |
476 | # If you install this configuration by hand, you need to specify the correct | |
477 | # path in the "data" setting below. | |
32f9109c | 478 | # |
ca20f3cf | 479 | ##### NB You must ensure that the alias file exists. It used to be the case |
32f9109c AM |
480 | ##### NB that every Unix had that file, because it was the Sendmail default. |
481 | ##### NB These days, there are systems that don't have it. Your aliases | |
482 | ##### NB file should at least contain an alias for "postmaster". | |
483 | # | |
484 | # If any of your aliases expand to pipes or files, you will need to set | |
485 | # up a user and a group for these deliveries to run under. You can do | |
486 | # this by uncommenting the "user" option below (changing the user name | |
487 | # as appropriate) and adding a "group" option if necessary. Alternatively, you | |
488 | # can specify "user" on the transports that are used. Note that the transports | |
489 | # listed below are the same as are used for .forward files; you might want | |
490 | # to set up different ones for pipe and file deliveries from aliases. | |
491 | ||
492 | system_aliases: | |
493 | driver = redirect | |
494 | allow_fail | |
495 | allow_defer | |
bec10d67 | 496 | data = ${lookup{$local_part}lsearch{/etc/mail/aliases}} |
32f9109c AM |
497 | # user = exim |
498 | file_transport = address_file | |
499 | pipe_transport = address_pipe | |
500 | ||
501 | ||
502 | # This router handles forwarding using traditional .forward files in users' | |
503 | # home directories. If you want it also to allow mail filtering when a forward | |
85aeaf0f ŁJM |
504 | # file starts with the string "# Exim filter" or "# Sieve filter", uncomment |
505 | # the "allow_filter" option. | |
506 | ||
507 | # If you want this router to treat local parts with suffixes introduced by "-" | |
508 | # or "+" characters as if the suffixes did not exist, uncomment the two local_ | |
509 | # part_suffix options. Then, for example, xxxx-foo@your.domain will be treated | |
510 | # in the same way as xxxx@your.domain by this router. You probably want to make | |
511 | # the same change to the localuser router. | |
32f9109c AM |
512 | |
513 | # The no_verify setting means that this router is skipped when Exim is | |
514 | # verifying addresses. Similarly, no_expn means that this router is skipped if | |
515 | # Exim is processing an EXPN command. | |
516 | ||
517 | # The check_ancestor option means that if the forward file generates an | |
518 | # address that is an ancestor of the current one, the current one gets | |
519 | # passed on instead. This covers the case where A is aliased to B and B | |
520 | # has a .forward file pointing to A. | |
521 | ||
522 | # The three transports specified at the end are those that are used when | |
523 | # forwarding generates a direct delivery to a file, or to a pipe, or sets | |
524 | # up an auto-reply, respectively. | |
525 | ||
526 | userforward: | |
527 | driver = redirect | |
528 | check_local_user | |
85aeaf0f ŁJM |
529 | # local_part_suffix = +* : -* |
530 | # local_part_suffix_optional | |
32f9109c | 531 | file = $home/.forward |
85aeaf0f | 532 | # allow_filter |
32f9109c AM |
533 | no_verify |
534 | no_expn | |
535 | check_ancestor | |
32f9109c AM |
536 | file_transport = address_file |
537 | pipe_transport = address_pipe | |
538 | reply_transport = address_reply | |
539 | ||
3e0bc5a8 | 540 | # Procmail. Uncomment following if you want procmail delivery. |
541 | ||
542 | #procmail: | |
543 | # driver = accept | |
544 | # check_local_user | |
545 | # local_part_suffix = DSUFFIX* | |
546 | # local_part_suffix_optional | |
547 | # require_files = "${local_part}:+${home}/.procmailrc:\ | |
548 | # +/usr/bin/procmail:!${home}/.forward" | |
549 | # transport = procmail_pipe | |
32f9109c | 550 | |
ca20f3cf ŁJM |
551 | # This router matches local user mailboxes. If the router fails, the error |
552 | # message is "Unknown user". | |
32f9109c | 553 | |
85aeaf0f ŁJM |
554 | # If you want this router to treat local parts with suffixes introduced by "-" |
555 | # or "+" characters as if the suffixes did not exist, uncomment the two local_ | |
556 | # part_suffix options. Then, for example, xxxx-foo@your.domain will be treated | |
557 | # in the same way as xxxx@your.domain by this router. | |
558 | ||
32f9109c AM |
559 | localuser: |
560 | driver = accept | |
561 | check_local_user | |
85aeaf0f ŁJM |
562 | # local_part_suffix = +* : -* |
563 | # local_part_suffix_optional | |
32f9109c | 564 | transport = local_delivery |
ca20f3cf ŁJM |
565 | cannot_route_message = Unknown user |
566 | ||
32f9109c AM |
567 | |
568 | ###################################################################### | |
569 | # TRANSPORTS CONFIGURATION # | |
570 | ###################################################################### | |
571 | # ORDER DOES NOT MATTER # | |
572 | # Only one appropriate transport is called for each delivery. # | |
573 | ###################################################################### | |
574 | ||
575 | # A transport is used only when referenced from a router that successfully | |
576 | # handles an address. | |
577 | ||
578 | begin transports | |
579 | ||
580 | ||
581 | # This transport is used for delivering messages over SMTP connections. | |
582 | ||
583 | remote_smtp: | |
584 | driver = smtp | |
585 | ||
586 | ||
587 | # This transport is used for local delivery to user mailboxes in traditional | |
588 | # BSD mailbox format. By default it will be run under the uid and gid of the | |
589 | # local user, and requires the sticky bit to be set on the /var/mail directory. | |
590 | # Some systems use the alternative approach of running mail deliveries under a | |
591 | # particular group instead of using the sticky bit. The commented options below | |
592 | # show how this can be done. | |
593 | ||
594 | local_delivery: | |
595 | driver = appendfile | |
596 | file = /var/mail/$local_part | |
597 | delivery_date_add | |
598 | envelope_to_add | |
599 | return_path_add | |
5fd30412 | 600 | group = mail |
32f9109c AM |
601 | # mode = 0660 |
602 | ||
3e0bc5a8 | 603 | # Procmail transport. Uncomment following if you want procmail delivery |
604 | ||
605 | #procmail_pipe: | |
606 | # driver = pipe | |
607 | # command = "procmail -f-" | |
608 | # delivery_date_add | |
609 | # envelope_to_add | |
610 | # path = "/usr/local/bin:/usr/bin:/bin" | |
611 | # return_path_add | |
612 | # user = ${local_part} | |
613 | # temp_errors= 75 : 75 : 256 | |
614 | # log_defer_output | |
615 | # log_fail_output | |
616 | ||
32f9109c AM |
617 | |
618 | # This transport is used for handling pipe deliveries generated by alias or | |
619 | # .forward files. If the pipe generates any standard output, it is returned | |
620 | # to the sender of the message as a delivery error. Set return_fail_output | |
621 | # instead of return_output if you want this to happen only when the pipe fails | |
622 | # to complete normally. You can set different transports for aliases and | |
623 | # forwards if you want to - see the references to address_pipe in the routers | |
624 | # section above. | |
625 | ||
626 | address_pipe: | |
627 | driver = pipe | |
628 | return_output | |
629 | ||
630 | ||
631 | # This transport is used for handling deliveries directly to files that are | |
632 | # generated by aliasing or forwarding. | |
633 | ||
634 | address_file: | |
635 | driver = appendfile | |
636 | delivery_date_add | |
637 | envelope_to_add | |
638 | return_path_add | |
639 | ||
640 | ||
641 | # This transport is used for handling autoreplies generated by the filtering | |
642 | # option of the userforward router. | |
643 | ||
644 | address_reply: | |
645 | driver = autoreply | |
646 | ||
647 | ||
648 | ||
649 | ###################################################################### | |
650 | # RETRY CONFIGURATION # | |
651 | ###################################################################### | |
652 | ||
653 | begin retry | |
654 | ||
655 | # This single retry rule applies to all domains and all errors. It specifies | |
656 | # retries every 15 minutes for 2 hours, then increasing retry intervals, | |
657 | # starting at 1 hour and increasing each time by a factor of 1.5, up to 16 | |
658 | # hours, then retries every 6 hours until 4 days have passed since the first | |
659 | # failed delivery. | |
660 | ||
661 | # Domain Error Retries | |
662 | # ------ ----- ------- | |
663 | ||
664 | * * F,2h,15m; G,16h,1h,1.5; F,4d,6h | |
665 | ||
666 | ||
667 | ||
668 | ###################################################################### | |
669 | # REWRITE CONFIGURATION # | |
670 | ###################################################################### | |
671 | ||
672 | # There are no rewriting specifications in this default configuration file. | |
673 | ||
674 | begin rewrite | |
675 | ||
676 | ||
677 | ||
678 | ###################################################################### | |
679 | # AUTHENTICATION CONFIGURATION # | |
680 | ###################################################################### | |
681 | ||
682 | # There are no authenticator specifications in this default configuration file. | |
683 | ||
684 | begin authenticators | |
685 | ||
8342a235 ŁJM |
686 | # Uncomment lines below to enable SMTP AUTH support. Be aware that this |
687 | # requires cyrus-sasl-saslauthd package to be installed. | |
688 | ||
689 | # plain: | |
690 | # driver = plaintext | |
691 | # public_name = PLAIN | |
bd83b0af | 692 | # server_prompts = : |
1ac26e5a | 693 | # server_condition = ${if saslauthd{{$2}{$3}{smtp}}{1}{0}} |
8342a235 ŁJM |
694 | # server_set_id = $2 |
695 | # | |
696 | # login: | |
697 | # driver = plaintext | |
698 | # public_name = LOGIN | |
699 | # server_prompts = "Username:: : Password::" | |
700 | # server_condition = ${if saslauthd{{$1}{$2}{smtp}}{1}{0}} | |
701 | # server_set_id = $1 | |
32f9109c AM |
702 | |
703 | # End of Exim configuration file |